[Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

Craig Rodrigues rodrigc at crodrigues.org
Sat Dec 3 17:21:56 MST 2016


On Thu, Dec 1, 2016 at 7:01 PM, Mark Williams <markrwilliams at gmail.com>
wrote:

>
> I bet the key negotiated by conch is not an ECDSA key but rather an
> RSA key.  If this is all the case, then I think you've found a key
> that LibreSSL supports but your client's libssl (which conch calls
> into via cryptography) does not.  What version of libssl do you have?
>


Yes, you are right.  I did some debugging and found that in
ssh_KEX_DH_GEX_REPLY()
https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/ssh/transport.py#L1596
only an RSA key is negotiated, even if an EC key is in the known_hosts file.

I thought that with all the EC fixes committed to the tree that this was
all working, but it looks like there is still some stuff missing.  This
might fill in the gaps:

https://github.com/twisted/twisted/pull/432

--
Craig
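
Added example (not part of the original message and not Twisted's code): a simplified model of the mismatch described above, where the negotiated host key algorithm is ssh-rsa while known_hosts records only an ECDSA key. The function names, host name, algorithm lists and known_hosts text are constructed for illustration; negotiation uses the RFC 4253 first-client-match rule with the key-exchange capability checks left out.

```python
# Constructed sample data; the key blob is a placeholder, not a real key.
KNOWN_HOSTS = """\
# constructed entry
server.example,192.0.2.10 ecdsa-sha2-nistp256 AAAAPLACEHOLDER
"""
SERVER_ALGS = ["ecdsa-sha2-nistp256", "ssh-rsa"]
CLIENT_NO_EC = ["ssh-rsa", "ssh-dss"]              # assumed client without EC host keys
CLIENT_WITH_EC = ["ecdsa-sha2-nistp256", "ssh-rsa"]


def negotiate_host_key_alg(client_algs, server_algs):
    """First name on the client's list that the server also offers
    (RFC 4253 section 7.1, simplified)."""
    for alg in client_algs:
        if alg in server_algs:
            return alg
    return None


def known_host_key_types(known_hosts_text, hostname):
    """Key types recorded for hostname. Only plain entries are matched;
    hashed (|1|...) and wildcard host patterns are not handled here."""
    types = []
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        if hostname in fields[0].split(","):
            types.append(fields[1])
    return types


def diagnose(client_algs, server_algs, known_hosts_text, hostname):
    """Report whether the negotiated key type can be checked against known_hosts."""
    chosen = negotiate_host_key_alg(client_algs, server_algs)
    recorded = known_host_key_types(known_hosts_text, hostname)
    return {"negotiated": chosen, "recorded": recorded,
            "verifiable": chosen in recorded}


if __name__ == "__main__":
    print(diagnose(CLIENT_NO_EC, SERVER_ALGS, KNOWN_HOSTS, "server.example"))
    print(diagnose(CLIENT_WITH_EC, SERVER_ALGS, KNOWN_HOSTS, "server.example"))
```

In the first case the server presents an RSA key that has no matching known_hosts entry, so the client cannot verify the host against the recorded ECDSA key.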